Lawyers need to be educated about business ID theft to protect themselves and their clients

By Mark D. KillianManaging Editor

Sixty percent of businesses that experience identity theft fail within one year of the crime, according to the Florida Department of State’s Division of Corporations.

That stark reality, coupled with an uptick in this relatively new type of crime, has spurred the division to alert businesses — including lawyers — to the threat and how to reduce the chances of falling prey to identity thieves.

“Business identity theft is essentially the same as personal identity theft, except the identity stolen is that of a company or other business entity, and the damage is usually much more severe,” said Ricky Harper, director of the Division of Corporations, adding most business owners are unaware of the crime or ways to protect themselves from it.

Harper said the state first became aware of the rising problem of business identity theft in late 2011, when the National Association of Secretaries of State produced a white paper on the subject.

According to the NASS, state trends make it clear that criminals are working to exploit state filing systems and business registration websites by filing bogus reports with secretary of state offices or manipulating online business records in order to steal cash and property using fraudulently obtained lines of credit.

“Using altered records, which appear to indicate that they have the authority to act on the behalf of a victim entity, the criminals can then apply for credit accounts with various retailers,” according to the NASS white paper. “While retailers will often check with business credit rating agencies to verify that the information in an application is correct, it can be difficult to immediately detect that a crime has been committed because this information is based on the same secretary of state business records that have been altered by the criminals.”

Harper said the Florida Department of State is working on a multi-pronged plan of attack, with the goal of protecting the state’s business owners from identity theft. As soon as those strategies are in place, they will be announced to the public.

“Thieves are after small businesses because they do not possess strong IT departments or multiple finance staff members with the resources to manage and check corporate filings, bank accounts, or credit ratings,” Harper said. “A small business is vulnerable because it typically has two distinctions that make it a great target: a small and very busy staff, and readily available credit.”

In many instances, Harper said, the criminals simply use information gathered from the Department of State’s records, fraudulently alter those same records, and then use the altered records to purchase easily fenced products.

“In other cases, they use the altered information to get contracts and collect cash for work performed, leaving the original entity with the tax burden,” Harper said. “Regardless of the method, the original business entity is left fighting for its life in the aftermath of the crime, and statistics indicate that as many as 60 percent will close their doors within one year.”

The NASS reports ID thieves also target businesses that are no longer in operation, often referred to as “dormant” or “dissolved entities.” These entities are vulnerable because their owners are less likely to be monitoring state-held business registration information.

Karen D. Ellis, a business identity theft specialist with the Division of Corporations, said attorneys need to educate themselves about business identity theft, not only to protect their own interests but the interests of their clients, as well.

“Lawyers need to know about this because they are going to be getting calls from people, business owners, who will be saying, ‘This is what happened to my business — that someone [misappropriated] my company’s name and opened up a bank account, opened up credit cards,’” Ellis said.

Harper said business identity theft has significantly greater consequences than personal identity theft because it not only hurts businesses, but also the businesses’ employees and the subcontractors they use.

“It has a snowballing effect,” said Harper, adding the theft is often not detected for weeks or even months.

“The other side of it, too, is many businesses don’t want their clients to know they have been the victim of identity theft, regardless of whether it’s business specific or not,” Harper said. “They don’t want clients to think the company lost their credit card numbers or other personal information.”

Harper said his office is currently tracking about 130 cases of business identity theft in Florida that have accumulated actual losses of about $6 million. Yet, Harper estimates the Division of Corporations knows of “maybe 1 percent of what is actually going on out there.”

Jacob Horner, a business identity theft assistant with the division, said there are other cases now going through the court process that could increase that money loss by millions more.

Florida has 1.6 million businesses, more than any other state, “so statistically, we are a target purely for the number of businesses we do have,” Horner said.

Harper said there are steps owners can take to protect their businesses.

“To begin with, learn about business identity theft,” said Harper, adding the National Association of Secretaries of State has a website with a great deal of information on the subject.

Find out more by going to www.nass.org and clicking on the business identity theft link.

“Second, go to the Department of State’s business filings portal — www.sunbiz.org — and check your entity, even if you have dissolved it, for errors or problems,” Harper said.

“If you see records that are incorrect, contact the Division of Corporations,” Harper said. “While you are on our website, make sure the email address on file is correct and one you check regularly.”

Finally, he said, contact your business’ creditors, to make sure there is “nothing suspicious going on with your accounts.”

Most creditors, Harper said, have the ability to put a hold on a company’s credit, preventing someone from opening new accounts without the owners’ authorization.